I have a few PHP-based sites in my Sites folder that I use for testing my websites before uploading them. I would like the contents of the folder to be inaccessible to other user accounts on the computer (to hide the contents of the PHP code) but obviously I need Apache to be able to access the folders. However, I can't just turn off access to 'Others' because that blocks 'www' from accessing the files. Is there a way to just give 'www' access aside from myself? Or is this one of the limitations of Unix permissions? In Windows I can add the web server as a user to certain folders of files, which is one of the few time I like the Windows way of user permission settings.
File permissions for Sites folder
- Thread starter btoth
- Start date
scruffy
Notorious Olive Counter
When 10.4 comes out it will have POSIX ACLs, which are conceptually very similar to Windows ACLs (but without "explicit deny"). Until then, we're stuck with the old-fashioned user/group/world permissions.
You could probably change the group ownership of the files to 'www', or whatever group the apache process belongs to, and grant that group read permissions. I can't think of any obvious security problems with that, but I could be overlooking something. Whatever you do though, don't change the _user_ ownership to 'www', or grant the 'www' group write permissions - that could be a disaster if someone compromised the apache process.
You could probably change the group ownership of the files to 'www', or whatever group the apache process belongs to, and grant that group read permissions. I can't think of any obvious security problems with that, but I could be overlooking something. Whatever you do though, don't change the _user_ ownership to 'www', or grant the 'www' group write permissions - that could be a disaster if someone compromised the apache process.
10.4 sounds promising, though I'm sure something will be missing.